GDPR is coming are you compliant?

Posted on: 29th November 2017 | By Nicky Speakman

What is GDPR?

General Data Protection Regulation (GDPR) will be implemented in the UK on the 25th May 2018, and will be regulated by the ICO. The new legislation aims to change the way personal data is managed; to give the power and rights of personal data back to the people. This will affect many companies who have bought the data, use scraped data or have incomplete data; where the user has loosely opted in.

How to Opt-In Users

The opt-in process is the part where you ask a user if they would like to receive communication from your business. To be GDPR complaint, you need to be clear and concise when you ask a user to opt-in, additionally, you need to be clear about what your users are opting in for.

For example: Would you like to opt-in to our newsletter? We will send you our newsletter about technology news once a week, on a Thursday, via email.

This example is clear and detailed; it informs the user that if they opt in they will receive news about technology, weekly and on a Thursday. For future reference, you don’t have to stipulate the day that the user will receive communication from you, but it is good practice because the user will know when to look out for the newsletter.

In the subscription terms and conditions, you must make it clear that:

The user can opt-out (unsubscribe) at any point and how they can opt-out

The user’s personal data will be protected by a high level of security and encryption if necessary

The key part of the opting in process is to be clear about how you will be using their data, throughout its journey. Also, it is vital to keep a log of how and when each user has opted in; this is so you can provide proof of the user’s subscription. If the ICO was to investigate your use and management of this personal data, you would have up to 30 days to provide evidence. Therefore, it is good practice to have an up to date and organised system that allows you to access this information almost instantly. A well-structured database for your subscribers, that is linked to a CRM system will prove to be the most useful for storing and accessing data.

GDPR Data Protection

Data security is a key part of GDPR, it is essential to secure all data and remove careless copies that have been stored on your desktop or office USB. User data should not be freely accessible to anyone, it should only be available to those who need to have access. Any data that has been backed up, needs to be password protected. In addition, accessible data like an on-site server, USB pen, external hard drive, or a PC of some sought also need to be in a secure location and again only obtainable by the relevant people.

So are you ready for GDPR?

GDPR is currently being modified, in preparation for when the legislation is implemented in May 2018. Although the legislation isn’t active until then, it is important to act now so you are prepared and have the correct systems in place.

If you need any help or further advice, please comment below or feel free to contact us.